From: Janne Karhunen <janne.karhunen@gmail.com>
To: linux-integrity@vger.kernel.org,
linux-security-module@vger.kernel.org, zohar@linux.ibm.com
Cc: Janne Karhunen <janne.karhunen@gmail.com>
Subject: [PATCH 0/5] integrity: improve ima measurement accuracy
Date: Mon, 13 May 2019 15:53:49 +0300 [thread overview]
Message-ID: <20190513125354.23126-1-janne.karhunen@gmail.com> (raw)
By default the linux integrity subsystem measures a file only
when a file is being closed. While this certainly provides
low overhead as the re-measurements are never done, it also
makes sure the system has zero means to recover from a crash
or a power outage when operating in 'appraise' mode.
This patch series adds two new IMA api functions to retrigger
the measurements as the files change. Synchronous variant
should be invoked from less performance sensitive locations
such as sync|msync|truncate where the user is expecting some
latency, and the asynchronous variant can be called from
performance sensitive locations such as direct write or mmio.
Asynchronous variant is mostly 'out of the way' on write hot
paths, each file write is only checking that we have a cmwq
work entry pending to re-calculate the file measurement later
on. Re-measurement latencies are build time tunables and the
latencies are automatically raised for very large files.
While this does not provide absolutely perfect tolerance to
system resets, for most reasonable embedded system workloads
it can be tuned to achieve really high measurement accurancy
with the measurements being accurate 99.9%+ of the day.
Janne Karhunen (5):
integrity: keep the integrity state of open files up to date
integrity: update the file measurement on truncate
integrity: update the file measurement on write
integrity: measure the file on sync
integrity: measure the file on msync
fs/namei.c | 5 +-
fs/open.c | 3 +
fs/read_write.c | 11 ++-
fs/sync.c | 3 +
include/linux/ima.h | 12 +++
mm/msync.c | 7 ++
security/integrity/ima/Kconfig | 20 +++++
security/integrity/ima/ima_appraise.c | 6 +-
security/integrity/ima/ima_main.c | 103 +++++++++++++++++++++++++-
security/integrity/integrity.h | 6 ++
10 files changed, 171 insertions(+), 5 deletions(-)
--
2.17.1
next reply other threads:[~2019-05-13 12:54 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-05-13 12:53 Janne Karhunen [this message]
2019-05-13 12:53 ` [PATCH 1/5] integrity: keep the integrity state of open files up to date Janne Karhunen
2019-05-13 12:53 ` [PATCH 2/5] integrity: update the file measurement on truncate Janne Karhunen
2019-05-13 12:53 ` [PATCH 3/5] integrity: update the file measurement on write Janne Karhunen
2019-05-13 12:53 ` [PATCH 4/5] integrity: measure the file on sync Janne Karhunen
2019-05-13 12:53 ` [PATCH 5/5] integrity: measure the file on msync Janne Karhunen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190513125354.23126-1-janne.karhunen@gmail.com \
--to=janne.karhunen@gmail.com \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).